
[Openvpn-users] Static key / SSL-TLS


  • Subject: [Openvpn-users] Static key / SSL-TLS
  • From: Michel MEUNIER <mmeunier@xxxxxxx>
  • Date: Wed, 03 Sep 2003 17:31:42 +0200

After several months of use of OpenVPN between Linux boxes, I have to connect W2K and XP boxes now.

It was pretty easy to set up a link using a static key. But it is not so straightforward to use SSL-TLS with the same machines.

My Linux boxes use version 1.3.1, whereas the W2K one uses 1.5-beta7.

Here is part of my log:

21[0]:   tun_mtu = 1500
22[0]:   tun_mtu_defined = ENABLED
23[0]:   udp_mtu = 1300
24[0]:   udp_mtu_defined = DISABLED
25[0]:   mlock = DISABLED
26[0]:   inactivity_timeout = 0
27[0]:   ping_send_timeout = 15
28[0]:   ping_rec_timeout = 0
29[0]:   ping_rec_timeout_action = 0
30[0]:   ping_timer_remote = DISABLED


36[0]: username = 'nobody'
37[0]: groupname = 'nogroup'
38[0]: chroot_dir = '[UNDEF]'
39[0]: cd_dir = '/etc/openvpn'
40[0]: writepid = '[UNDEF]'
41[0]: up_script = './r_furtif2.up'
42[0]: down_script = '[UNDEF]'
43[0]: daemon = DISABLED
44[0]: nice = 0
45[0]: verbosity = 3
46[0]: mute = 0
47[0]: gremlin = DISABLED
48[0]: comp_lzo = ENABLED
49[0]: comp_lzo_adaptive = ENABLED
50[0]: shared_secret_file = '[UNDEF]'
51[0]: ciphername_defined = ENABLED
52[0]: ciphername = 'BF-CBC'
53[0]: authname_defined = ENABLED
54[0]: authname = 'SHA1'
55[0]: keysize = 0 <-------- this works between Linux boxes; keysize = 128 in conf file has no effect here
56[0]: packet_id = ENABLED
57[0]: iv = ENABLED
58[0]: test_crypto = DISABLED
59[0]: tls_server = ENABLED
60[0]: tls_client = DISABLED
61[0]: ca_file = '/root/.ssl/calydial-ca.crt'
62[0]: dh_file = '/root/.ssl/dh1024.pem'
63[0]: cert_file = '/root/.ssl/rabelais-calydial.crt'
64[0]: priv_key_file = '/root/.ssl/rabelais-calydial.key'
65[0]: cipher_list = '[UNDEF]'
66[0]: tls_verify = '[UNDEF]'
67[0]: tls_timeout = 5


75[0]: tls_auth_file = '[UNDEF]'
76[0]: OpenVPN 1.3.1 i386-redhat-linux built on Jul 10 2002
77[0]: PTHREAD support initialized
78[0]: UDP link local (bound): [undef]:5012
79[0]: UDP link remote: [undef]
80[0]: LZO compression initialized
81[0]: Data Channel MTU parms: mtu=1500 extra_frame=42 extra_buffer=61 extra_tun=0
82[0]: Control Channel MTU parms: mtu=1504 extra_frame=38 extra_buffer=38 extra_tun=0
83[0]: tun/tap device tap2 opened
84[0]: ./r_furtif2.up tap2 1500 1542
85[0]: GID set to nogroup
86[0]: UID set to nobody
87[1]: VERIFY OK: depth=1, /C=FR/ST=Some-State/L=VIENNE/O=CALYDIAL/CN=CALYDIAL/Email=calydial@xxxxxxxxxx
88[1]: VERIFY OK: depth=0, /C=FR/ST=Some-State/O=CALYDIAL/CN=Furtif/Email=furtif@calydial.loc
89[1]: TLS Error: Local ('V1 --cipher BF-CBC --auth SHA1 --comp-lzo') and Remote ('V2 --dev-type tap --link-mtu 1606 --tun-mtu 1564 --cipher BF-CBC --auth SHA1 --keysize 128 --comp-lzo') options are incompatible
90[1]: TLS Error: TLS handshake failed


Any idea?
Thanks in advance.


Michel MEUNIER

PS: OpenVPN is really good stuff!
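
Added example, not part of the original post and not OpenVPN code: a small Python helper that parses the "TLS Error: Local (...) and Remote (...) options are incompatible" line from the log above and reports which options appear on only one side or carry different values. The function names are hypothetical; the sample line is copied from the post's log.

```python
import re

# Sample input: line 89 of the log quoted in the post above.
LOG_LINE = (
    "89[1]: TLS Error: Local ('V1 --cipher BF-CBC --auth SHA1 --comp-lzo') and "
    "Remote ('V2 --dev-type tap --link-mtu 1606 --tun-mtu 1564 --cipher BF-CBC "
    "--auth SHA1 --keysize 128 --comp-lzo') options are incompatible"
)

ERROR_RE = re.compile(
    r"Local \('(?P<local>[^']*)'\) and Remote \('(?P<remote>[^']*)'\) "
    r"options are incompatible"
)


def parse_options(opt_string):
    """Split 'V2 --cipher BF-CBC --comp-lzo' into (version, {option: value})."""
    tokens = opt_string.split()
    # The leading token (V1 / V2 in the log) is a version tag, not an option.
    version = tokens.pop(0) if tokens and not tokens[0].startswith("--") else None
    opts, name = {}, None
    for tok in tokens:
        if tok.startswith("--"):
            name = tok
            opts[name] = ""  # flag without a value, e.g. --comp-lzo
        elif name is not None:
            opts[name] = (opts[name] + " " + tok).strip()
    return version, opts


def diff_options(line):
    """Return the differences between the two option strings, or None if the
    line is not an 'options are incompatible' error."""
    m = ERROR_RE.search(line)
    if m is None:
        return None
    lver, lopts = parse_options(m.group("local"))
    rver, ropts = parse_options(m.group("remote"))
    shared = lopts.keys() & ropts.keys()
    return {
        "version": (lver, rver),
        "only_local": sorted(set(lopts) - set(ropts)),
        "only_remote": sorted(set(ropts) - set(lopts)),
        "value_mismatch": {k: (lopts[k], ropts[k]) for k in shared if lopts[k] != ropts[k]},
    }


if __name__ == "__main__":
    print(diff_options(LOG_LINE))
```

For the line in this log, the shared options (--cipher, --auth, --comp-lzo) carry identical values; the strings differ in the version tag and in four options that only the remote side sends.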

